####系统环境:Linux 5.5
####软件版本:Bind 9.6.1
####一、下载所需软件:
# Create a scratch directory for the source tarballs and work inside it.
# NOTE(review): /tmp/bind is a fixed, guessable path inside a world-writable
# directory; the later steps install into system paths (presumably as root), so
# a private directory such as one created by `mktemp -d` is the safer choice.
mkdir /tmp/bind
cd /tmp/bind
# NOTE(review): both download URLs are missing from this page. Fetch the
# openssl-0.9.8k and bind-9.6.1 tarballs (the names unpacked below) only from
# the projects' official sites, and check each one against its published PGP
# signature or checksum before unpacking and building it.
wget
wget
####二、安装OpenSSL-0.9.8k:
Bind 9.6.1的安装需要OpenSSL的支持,因此在安装Bind 9.6之前,先进行OpenSSL的安装,这里直接安装0.9.8k版本。需要注意,OpenSSL 0.9.8系列和Bind 9.6系列现在都已停止维护,不再提供安全更新,本文步骤只适合用于复现旧环境,新部署应选用仍受支持的版本;
# Unpack OpenSSL 0.9.8k and build it with its default options.
cd /tmp/bind
tar zxvf openssl-0.9.8k.tar.gz
cd openssl-0.9.8k
# NOTE(review): no --prefix is given; the paths used further down imply the
# install lands in /usr/local/ssl. OpenSSL 0.9.8 builds static libraries only
# unless `shared` is passed to ./config, so libssl.so.0.9.8 (the target of the
# last symlink below) is presumably not produced by this build -- confirm.
./config
make
make test
make install
make clean
# Move the distribution's openssl binary and headers aside (kept as *.OFF so
# they can be restored) and point the system paths at the new build.
# NOTE(review): this bypasses the package manager. Vendor security updates to
# the openssl package no longer reach what /usr/bin/openssl and
# /usr/include/openssl resolve to, and anything compiled afterwards picks up the
# hand-built copy. Leaving the system files alone and pointing only BIND at the
# new build (configure's --with-openssl=/usr/local/ssl) avoids that.
mv /usr/bin/openssl /usr/bin/openssl.OFF
mv /usr/include/openssl /usr/include/openssl.OFF
rm -f /usr/lib/libssl.so
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
ln -sv /usr/local/ssl/lib/libssl.so.0.9.8 /usr/lib/libssl.so
# Append the new library directory to the dynamic linker's search path and
# rebuild its cache; ld.so.conf is a host-wide setting, not a per-program one.
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig
####三、安装Bind 9.6.1:
# Unpack, configure, build and install BIND 9.6.1.
cd /tmp/bind
tar zxvf bind-9.6.1.tar.gz
cd bind-9.6.1
# NOTE(review): configure is left to locate OpenSSL on its own; passing
# --with-openssl=<dir> makes explicit which OpenSSL build named is linked with.
./configure --prefix=/usr/local/bind9 --enable-threads # set the install prefix and enable multi-threaded processing
make
make install
make clean
####四、配置Bind
####rndc是Bind 9.0之后新出现的远程控制工具,它与named之间的控制通道靠共享密钥做身份验证,因此我们必须先生成一个rndc KEY;
# Generate an rndc configuration containing a fresh random control-channel key.
# NOTE(review): the redirect creates rndc.conf under the shell's umask, so the
# shared secret is typically left world-readable. Restrict it right afterwards,
# e.g. `chmod 600 /usr/local/bind9/etc/rndc.conf`: whoever can read the key and
# reach the control port can issue rndc commands (stop, reload, ...) to named.
/usr/local/bind9/sbin/rndc-confgen >/usr/local/bind9/etc/rndc.conf
####这里我们查看一下rndc.conf里的内容,因为之后需要用到:
# Print the generated file; its key clause is reused in named.conf afterwards.
cat /usr/local/bind9/etc/rndc.conf
# NOTE(review): the secret below is the author's sample output and is public.
# Use the value rndc-confgen produced on your own host, never this one.
# hmac-md5 is the algorithm shown here; newer BIND releases support HMAC-SHA
# algorithms for the control key -- prefer one of those where available.
key "rndc-key" {
algorithm hmac-md5;
secret "vhxgnD3kPO4PpM8Kmkf1sA==";
};
# Defaults used by the rndc client: which key to sign with and where named's
# control channel is expected (loopback, port 953).
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
####生成Bind主配置文件,加入以下内容:
vi /usr/local/bind9/etc/named.conf
####该内容是从rndc.conf内获取,具体见上部分
// Shared secret for the rndc control channel; it has to match the key clause
// in rndc.conf or rndc cannot authenticate to named.
// NOTE(review): this is the sample secret printed on this page -- substitute
// the one generated on your own host. With the secret inlined, named.conf must
// not be world-readable; alternatively keep the clause in a separate file with
// tight permissions and pull it in with an `include` statement.
key "rndc-key" {
algorithm hmac-md5;
secret "vhxgnD3kPO4PpM8Kmkf1sA==";
};
####定义域名文件位置,域名转发一些参数(转发上层DNS为8.8.8.8),由于新版Bind对cache处理有所改变,因此只有forwarders还不能进行域名的转发,必须加上allow-query参数
// Global server options.
options {
// Relative file names in this configuration are resolved against this directory.
directory "/var/named";
pid-file "named.pid";
// Queries the server cannot answer itself are forwarded to 8.8.8.8.
forwarders { 8.8.8.8;};
// NOTE(review): `any` lets every host that can reach this server query it.
// Because allow-recursion and allow-query-cache are not set, BIND 9.4 and later
// derive them from allow-query, so this also opens recursion and the cache to
// everyone: an open resolver, usable for DNS amplification and exposed to
// cache-poisoning attempts. To keep forwarding working for internal clients
// only, add e.g. `allow-recursion { localhost; localnets; };` (or an acl that
// lists the client networks) next to this line.
allow-query { any; };
};
####定义rndc控制通道、本地域名文件及本地反向解析文件:
// rndc control channel: listen on the loopback address only, accept
// connections from localhost, and require commands to be signed with "rndc-key".
// No port is given, so the default control port (953, as in rndc.conf) applies.
controls {
inet 127.0.0.1 allow { localhost; }
keys {
"rndc-key";
};
};
// Root hints: the list of root name servers, read from named.root in the
// directory set in options.
zone "." IN {
type hint;
file "named.root";
};
// Authoritative zone for the name "localhost"; dynamic updates are refused.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
// Reverse zone for 127.0.0.0/24, loaded from the file "named.local"; dynamic
// updates are refused.
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
####定义自己所需的域名文件及反向解析文件
// Site-specific forward zone, served from /var/named/test.com; dynamic updates
// are refused.
// NOTE(review): neither zone sets allow-transfer, and in this BIND generation
// the default permits zone transfers to any host, which hands out the complete
// list of internal names and addresses. Add `allow-transfer { none; };` or list
// only the secondary servers.
zone "test.com" IN {
type master;
file "test.com";
allow-update { none; };
};
// Matching reverse zone for 192.168.1.0/24, served from /var/named/test.local.
zone "1.168.192.in-addr.arpa" IN {
type master;
file "test.local";
allow-update { none; };
};
####新建localhost.zone文件,并加入以下内容
cd /var/named
vi localhost.zone
; Zone data for "localhost": an SOA, one NS record pointing at the zone itself,
; and an A record mapping the name to 127.0.0.1.
; NOTE(review): the leading whitespace of the NS and A lines was lost on this
; page. In a zone file a record that inherits the previous owner name must start
; with a blank, otherwise its first field is read as an owner name -- re-indent
; those two lines before use.
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
####新建named.local文件(文件名须与named.conf中的file "named.local"保持一致),并加入以下内容
cd /var/named
vi name.local
; Reverse zone data for 127.0.0.0/24: maps 127.0.0.1 (label "1") back to
; localhost.
; NOTE(review): named.conf loads this zone from the file "named.local", so the
; file has to be saved under that exact name.
; NOTE(review): the leading whitespace of the NS line was lost on this page; a
; record that inherits the previous owner name must start with a blank.
$TTL 86400
@ IN SOA localhost. root.localhost. (
2010111501 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
####使用dig生成named.root文件
# Intended to produce the root hints file referenced by the "." hint zone.
# NOTE(review): as written, dig receives the path as a name to look up and
# nothing is written to the file; the command was presumably meant to redirect
# dig's root-server answer into /var/named/named.root -- confirm. An answer
# fetched this way is unauthenticated, so compare the result with the root
# hints file published by InterNIC before relying on it.
/usr/local/bind9/bin/dig /var/named/named.root
####新建自己的test.com域名文件,并加入以下内容
cd /var/named/test.com
; Forward zone data for test.com, loaded by named.conf as file "test.com" in
; /var/named.
; NOTE(review): the preceding `cd /var/named/test.com` treats that path as a
; directory, but it is the zone file itself; presumably the file is meant to be
; created there with an editor -- confirm.
; NOTE(review): the leading whitespace of the NS and MX lines was lost on this
; page; a record that inherits the previous owner name must start with a blank.
; NOTE(review): NS and MX both point at test.com., yet no A record for the zone
; apex appears in this file; named-checkzone flags a name server without
; address records, so add one (address to be confirmed by the operator).
$ttl 1D
@ IN SOA test.com. root.test.com. (
; SOA fields in order: serial, refresh, retry, expire, minimum
2010111501
3H
15M
1W
1D)
IN NS test.com.
IN MX 5 test.com.
www IN A 192.168.1.100
bbs IN A 192.168.2.100
####新建test.com域名的反向解析文件
; Reverse zone data for 192.168.1.0/24. No file name is given at this step;
; named.conf loads the 1.168.192.in-addr.arpa zone from "test.local" in
; /var/named, so save it under that name.
; NOTE(review): the PTR target dns.test.com. has no matching A record in the
; forward zone shown on this page -- confirm the intended host name and address.
$TTL 86400
@ IN SOA test.com. root.test.com.(
; SOA fields in order: serial, refresh, retry, expire, minimum
2010111501;
7200;
3600;
43200;
86400);
@ IN NS test.com.
82 IN PTR dns.test.com.
####五、启动Bind,并进行测试
# Start named with the configuration written above.
# NOTE(review): started like this, named keeps running with the privileges of
# the invoking user, which is root when it has to bind port 53. Create a
# dedicated unprivileged account and pass it with `-u <user>` (optionally
# `-t <dir>` to chroot), giving that account access to /var/named and the pid
# file. Running named-checkconf on the configuration and named-checkzone on
# each zone file beforehand catches syntax errors before the server starts.
/usr/local/bind9/sbin/named -c /usr/local/bind9/etc/named.conf
####检查Bind启动是否正常,端口是否侦听
# Confirm that a named process exists and that it is listening.
# NOTE(review): `grep 53` matches any line containing "53" (addresses, other
# ports); check specifically for UDP and TCP port 53 on the service address and
# verify that the control port 953 is bound to 127.0.0.1 only.
ps -ax |grep named
netstat -na |grep 53
####可以看到进程存在,端口正在侦听状态
# Show named's entries among the last 100 syslog lines; load errors for the
# configuration or for individual zone files are reported here as well.
tail -n100 /var/log/messages |grep named
####如果正常可以看到named[PID] :running提示
####解析功能测试
# Interactive nslookup session: select the new server explicitly so the answers
# come from it rather than from the resolver configured on the client.
nslookup
server 192.168.1.222 #### IP address of the newly built DNS server
####检查本地域名解析是否正常
bbs.test.com
####检查外部域名解析(转发功能)是否正常